SSL 3.0 and TLS 1.0 are vulnerable to an attack that can disclose private data

The researchers proof of concept can be used against popular sites such as PayPal

The exploit requires the attacker to be in a ‘man-in-the-middle’ position, and uses a ‘chosen plain-text attack’ against the AES encryption algorithm often used by SSL/TLS.

The attack works by having malicious javascript inject known plain text into the encrypted data stream, offering the attackers a chosen plain text to target their cryptanalysis against.

Not all SSL implementations default to AES, OpenSSL prefers the Camellia cipher first, however, a man-in-the-middle attack could influence the list of allowable ciphers, causing AES to be chosen as the cipher suite.

The researchers have been working with browser vendors since May to develop a solution, however every proposed patch has been found to break compatibility with some major SSL appliance resulting in a number of major sites not being reachable over SSL. Thus far browser vendors have not resolved the issue.

The attack is relatively slow, and requires a MiTM position, so it not likely to result in the breakdown of all e-commerce, however, it could be used quite effectively against public wifi spots.

Statistics shows that as many as 35% of SSL enabled sites are still vulnerable to a 2009 attack. Some sites purposely delay deploying SSL updates due to concerts about compatibility with outdated browsers, especially since SSL is used primary for e-commerce.

Intel has worked with RealVNC to embed a VNC Remote Frame Buffer server directly into the BIOS and vPro management chipset

Featuring include allowing you to remotely change BIOS settings, mount virtual images for reinstalling or repairing the OS, full remote-kvm features and remote reboot capability

The VNC access is secured using the existing on board encryption and certificate system built into the Intel vPro Management Engine Chipset.

vPro must be enabled, assigned an IP address and certificate (or strong password) in order to be used, so this will not expose unconfigured computers to the risk of being unintentionally remotely controlled.

Feedback:

Home Server Segment – Storage. There are many different types of RAID, a set of technologies that allow multiple independent physical disks to act as a single logical disk. The different types of RAID provide different advantages and disadvantages and have various uses.

RAID 0 uses any number of disks and spreads the data between the disks, usually in blocks of 64 or 128kb. The total size of the logical disk will be N * smallest disk

This means that while reading and writing data, you have more physical heads doing the work, meaning that when read or writing a large amount of data, all of the disks can work in tandem, resulting in higher throughput

The disadvantage to RAID 0 is that there is no redundancy, if any one disk in the set fails to work, all data in the entire RAID array is no longer usable.

Common use cases for RAID 0 are things such as Video Editing that requires extremely high throughput rates

RAID 1 is the most basic type of RAID, it requires an even number of disks. Each pair of disks contains identical information. The total size of the logical disk is N/2 * smallest disk.

When one of the two disks fails, the other contains exactly the same data, and the system can continue to operate. The failed disk can then be replaced, and the remaining disk has it’s data cloned to the new disk (this process is called Resilvering), restoring the system to full operational status.

RAID 1 can improve read performance because two heads can be seeking at the same time, however it cannot improve write performance, as both disks must write all changes made to the data

The disadvantage to RAID 1 is that you lose half of the storage capacity of the drives you put in to the array

RAID 1 is typically used for systems that require high fault tolerance, and the ability to continue to operate even during a disk failure

RAID 2 is not currently used, the original specification called for disks that would rotate and seek in unison and offer the possibility of higher transfer rates.

RAID 3 is similar to RAID 0, however instead of using large blocks, data is split between the drives at the byte level. This is very rare in practise because of the limited number of IOPS that most disks can handle, and the fact that RAID 3 suffers from a great loss of speed if more than 1 operation is run concurrently

RAID 4 works similar to RAID 5 below, except that it uses a dedicated parity disk

RAID 5 combines striping (RAID 0) with parity. This means that as each group of blocks is written, a parity block is calculated and written to one of the disks. This way, if any one of the disks were to fail, using the remaining blocks and the parity block, it would be possible to calculate what the missing block should be. The total size of the logical disk is N – 1 * smallest disk.

During operations, if a disk fails, the RAID array will be in what is know as ‘degraded’ mode, where the controller must do the calculations to determine what the missing data would be. This results in significantly lower performance. However the array can be restored to healthy status by replacing the failed disk, and allowing it to ‘resilver’ (the process of calculating each block of data that should exist on that drive, and writing it to the disk).

RAID 5 provides a the advantages of RAID 0 (speed, use of most of your disk capacity), while still providing some fault tolerance.

The parity data is storage spread across all of the disks, rather than always one one specific disk, for more even performance, because the parity calculation is

RAID 5 is typically used in servers where a large amount of storage and performance is required, but some degree of fault tolerance is also warranted. RAID 5 is rarely available on built-in RAID controllers due to the complexity of the parity calculations.

RAID 6 works like RAID 5 except with two copies of the parity information. The size of the logical disk is N–2 * the smallest disk

RAID 6 provides additional fault tolerance, specifically it allows the array to continue to operate if more than 1 disks fails at once, or if a second disk fails before the first can be resilvered. In a RAID 5 array, if a second disk dies before the first failed disk is completely restored, the entire array is lost.

RAID 6 is typically used in servers that require more storage and more fault tolerance than RAID 1 can provide, and where RAID 5 is just not enough fault tolerance. RAID 6 usually requires a rather expensive hardware controller.

A stripped array of two RAID 6 arrays, providing additional performance on top of the fault tolerance and larger capacity of RAID 6. This setup is also common in setups where the RAID 6 arrays are on separate controllers.